[PHP] Re: User accounts
David Johansen wrote: > I'm new to this php thing and I would like to set up a web page were the > users can login and edit their preferences and all that stuff. I have the > basic login stuff worked out and I was passing the username and password as > a hidden input in the form, but then the password can be seen with view > source. I know that there's a better way to do this, so could someone point > me to a good tutorial or example on how I could make it so that the user > could login and logout and then I wouldn't need to be passing the password > all around like this. Thanks, > Dave For me, the all round best approach to usernames and passwords is to use http authentication. Then the browser, or whatever's at the other end of the web, takes care of storing usernames and passwords for you, with the full knowledge that it is storing a username and password. The big downside is that you have so little control over how the login looks, all you get to set is the "domain" name. The plus sides are that your users will certainly be familiar with the prompts, it looks professional and you get all the benefits of automatic standards compatibility. For example, I was amazed to find when I was doing a wml version of a script that my existing http authentication worked fine on a mobile phone, with no changes to the code at all. I'd go into more detail, but if you've already done your login page, I guess you've already made your mind up. ;( Good luck anyway, George -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: User accounts
Surely an empty string is == false. In fact I'd be interested if anyone can come up with a situation where !$x doesn't return the same as empty($x) i.e. can anyone get a value of $x such that !$x !== empty($x) Tim Ward Internet Chess www.chessish.com <http://www.chessish.com> -- From: Kevin Stone [SMTP:[EMAIL PROTECTED]] Sent: 07 March 2002 23:56 To: 'David Johansen'; [EMAIL PROTECTED] Subject: RE: [PHP] Re: User accounts I understand your confusion. The thing is that empty() and ! are two completely different arguments. if(empty($var)) is looking for: $var = ''; if(!$var) is looking for: $var = false; or $var = 0; If $var is set to anything other than 0 or false then the ASCII value of the string is (by definition) equivilant to an integer value of 1 or more. And thus is interpreted as true. Hope that helps. -Kevin -Original Message- From: David Johansen [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 07, 2002 3:44 PM To: [EMAIL PROTECTED] Subject: [PHP] Re: User accounts Here's a little piece of code that gives me a weird problem: I have the session started and everything, but it gives me the following error. Warning: Undefined variable: logout in c:\inetpub\wwwroot\uslogin.php on line 13 I've seen this used on several examples. I know that if I just use empty($logout) then it'll work ok, but I just wanted to know why it's used in so many examples but doesn't work in my code. Is there some setting that I have set wrong or something? Thanks, Dave "David Johansen" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I'm new to this php thing and I would like to set up a web page were the > users can login and edit their preferences and all that stuff. I have the > basic login stuff worked out and I was passing the username and password as > a hidden input in the form, but then the password can be seen with view > source. I know that there's a better way to do this, so could someone point > me to a good tutorial or example on how I could make it so that the user > could login and logout and then I wouldn't need to be passing the password > all around like this. Thanks, > Dave > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: User accounts
I understand your confusion. The thing is that empty() and ! are two completely different arguments. if(empty($var)) is looking for: $var = ''; if(!$var) is looking for: $var = false; or $var = 0; If $var is set to anything other than 0 or false then the ASCII value of the string is (by definition) equivilant to an integer value of 1 or more. And thus is interpreted as true. Hope that helps. -Kevin -Original Message- From: David Johansen [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 07, 2002 3:44 PM To: [EMAIL PROTECTED] Subject: [PHP] Re: User accounts Here's a little piece of code that gives me a weird problem: I have the session started and everything, but it gives me the following error. Warning: Undefined variable: logout in c:\inetpub\wwwroot\uslogin.php on line 13 I've seen this used on several examples. I know that if I just use empty($logout) then it'll work ok, but I just wanted to know why it's used in so many examples but doesn't work in my code. Is there some setting that I have set wrong or something? Thanks, Dave "David Johansen" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I'm new to this php thing and I would like to set up a web page were the > users can login and edit their preferences and all that stuff. I have the > basic login stuff worked out and I was passing the username and password as > a hidden input in the form, but then the password can be seen with view > source. I know that there's a better way to do this, so could someone point > me to a good tutorial or example on how I could make it so that the user > could login and logout and then I wouldn't need to be passing the password > all around like this. Thanks, > Dave > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: User accounts
Here's a little piece of code that gives me a weird problem: I have the session started and everything, but it gives me the following error. Warning: Undefined variable: logout in c:\inetpub\wwwroot\uslogin.php on line 13 I've seen this used on several examples. I know that if I just use empty($logout) then it'll work ok, but I just wanted to know why it's used in so many examples but doesn't work in my code. Is there some setting that I have set wrong or something? Thanks, Dave "David Johansen" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I'm new to this php thing and I would like to set up a web page were the > users can login and edit their preferences and all that stuff. I have the > basic login stuff worked out and I was passing the username and password as > a hidden input in the form, but then the password can be seen with view > source. I know that there's a better way to do this, so could someone point > me to a good tutorial or example on how I could make it so that the user > could login and logout and then I wouldn't need to be passing the password > all around like this. Thanks, > Dave > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: User accounts
David Johansen wrote: > I'm new to this php thing and I would like to set up a web page were the > users can login and edit their preferences and all that stuff. I have the > basic login stuff worked out and I was passing the username and password as > a hidden input in the form, but then the password can be seen with view > source. I know that there's a better way to do this, so could someone point > me to a good tutorial or example on how I could make it so that the user > could login and logout and then I wouldn't need to be passing the password > all around like this. Thanks, > Dave > Dave: Have a read up about sessions in the PHP manual to start. The basic idea is that you'd store the fact that someone is succesfully logged in or not (and who they are) in session information at the server. The client forms never have to have the username or password in them at that point (only when they submit their login data). Michael Kimsal http://www.phphelpdesk.com Taking the ? out of http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php